Support of hierarchical network mobility for proxy mobile IP

ABSTRACT

A networking system comprises a proxy mobility agent (PMA) module, and a home agent (HA) module. The PMA module sends a first binding update message including a unique identifier to a remote HA based on a trigger signal. The unique identifier identifies a mobile terminal associated with the remote PMA. The HA module receives a second binding update message including the unique identifier from a remote PMA, and selectively sends the trigger signal to the PMA module based on the second binding update message.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No.60/886,813, filed on Jan. 26, 2007. The disclosure of the aboveapplication is incorporated herein by reference in its entirety.

FIELD

The present disclosure relates to mobile networking and moreparticularly to using a proxy to provide mobility to a mobile terminal.

BACKGROUND

The background description provided herein is for the purpose ofgenerally presenting the context of the disclosure. Work of thepresently named inventors, to the extent it is described in thisbackground section, as well as aspects of the description that may nototherwise qualify as prior art at the time of filing, are neitherexpressly nor impliedly admitted as prior art against the presentdisclosure.

Referring now to FIG. 1, a functional block diagram of a wirelesscommunications system is presented. A home network 102 receives packetsfrom and sends packets to a distributed communications system 104, suchas the Internet. A wireless terminal 106 wirelessly connects to the homenetwork 102. For example, the wireless terminal 106 may be a mobilephone, and the home network 102 may be the cellular network of a mobilephone operator. The wireless terminal 106 is configured to work with thehome network 102, and may be unable connect to the networks of othercarriers. In various implementations, the wireless terminal 106 may beable to view content from the Internet 104 via the home network 102. Thehome network 102 may also interconnect with the networks of otherservice providers.

Referring now to FIG. 2, a functional block diagram of a wirelesscommunications system offering mobility is presented. The home network102 is connected to one or more visited networks 110. For example only,FIG. 2 depicts three visited networks 110-1, 110-2 and 110-3. In variousimplementations, the visited networks 110 may be the networks of otherservice providers, including service providers in other countries.

A mobile wireless terminal 120 includes mobility features that allow itto communicate with the visited networks 110. For example, in FIG. 2,the mobile wireless terminal 120 has established a wireless connectionto the visited network 110-1. The mobile wireless terminal 120 includesthe code and data used to communicate with the home network 102 via thevisited network 110-1. In this way, the mobile wireless terminal 120 caninterface with the home network 102 even when connected to one of thevisited networks 110.

Referring now to FIG. 3, a functional block diagram depicts a wirelesscommunications system that provides proxy mobility to the wirelessterminal 106. A home network 150 communicates with visited networks160-1, 160-2, and 160-3. The visited networks 160 provide transparentmobility to wireless terminals, such as the wireless terminal 106, thathave not been updated to include mobility functionality.

When the wireless terminal 106 attempts to establish a link with thevisited network 160-1, the visited network 160-1 determines the networkto which the wireless terminal 106 belongs. In this case, the visitednetwork 160-1 determines that the home network 150 is the appropriatenetwork. The visited network 160-1 then forwards packets from thewireless terminal 106 to the home network 150 and passes packets fromthe home network 150 to the wireless terminal 106. The wireless terminal106 is therefore oblivious to the fact that it is connected to thevisited network 160-1 instead of to the home network 150.

Referring now to FIG. 4, a more detailed functional block diagram of animplementation of proxy mobility is presented. Proxy mobility may alsobe referred to as network-based mobility because the network providesmobility to a terminal that does not have built-in mobility. In anInternet Protocol (IP) network, proxy mobility may be referred to asproxy mobile IP (PMIP). The home network 150 includes a home agent 202.The home agent 202 establishes the logical location of the wirelessterminal 106. Packets destined for the wireless terminal 106 are firstsent to the home agent 202, while packets from the wireless terminal 106will appear to originate from the home agent 202.

The wireless terminal 106 may establish a connection to an attachmentpoint 206-1 within the visited network 160-1. In variousimplementations, additional attachment points, such as attachment points206-2 and 206-3, may be present. The attachment points 206 maycommunicate with other networks, including the home network 150, via agateway 210.

Referring now to FIG. 5, a timeline of steps performed when the wirelessterminal 106 connects to the visited network 160-1 is presented. First,the wireless terminal 106 performs access and authentication with theattachment point 206-1. This may include communicating with an Access,Authentication, and Accounting (AAA) server. Upon authentication, thewireless terminal 106 attempts to attach to the attachment point 206-1.

The AAA server may use an identifier of the wireless terminal 106, suchas a network address identifier, that uniquely identifies the wirelessterminal 106. The attachment request requests an IP address from theattachment point 206-1. The attachment point 206-1 determines theappropriate home agent for the wireless terminal 106. This informationmay be supplied by the wireless terminal 106 and/or may be supplied bythe source of the authentication information.

The attachment point 206-1 then sends a binding update message to thehome agent 202. The home agent 202 allocates an IP address, IP₁, to thewireless terminal 106. The address IP₁ is used for communications withthe wireless terminal 106. When the wireless terminal 106 sends apacket, that packet will appear to originate from the home agent 202with a source address of IP₁. In addition, packets destined for thewireless terminal 106 are sent to the home agent 202 with a destinationof IP₁.

The home agent 202 sends a binding acknowledgement message including IP₁to the attachment point 206-1. A tunnel is then set up between theattachment point 206-1 and the home agent 202 for transmission ofpackets to and from the wireless terminal 106. The attachment point206-1 then assigns IP₁ to the wireless terminal 106. In this process,the wireless terminal 106 has requested an IP address from theattachment point 206-1 and has received one. The wireless terminal 106is not, and does not need to be, aware that it is connected to thevisited network 160.

Referring now to FIGS. 6 and 7, a packet being sent by the wirelessterminal 106 and a packet being sent to the wireless terminal 106,respectively, are graphically depicted. Referring now to FIG. 6, apacket 242 is transmitted to the wireless terminal 106. The source ofthe packet 242 is IP₁, the IP address assigned to the wireless terminal106. The destination of the packet 242 is the IP address, denotedIP_(dest), to which the wireless terminal 106 is sending the packet 242.The packet 242 may also include a payload.

The packet 242 is received by the attachment point 206-1. The attachmentpoint 206-1 tunnels the packet 242 to the home agent 202. The packet 242is tunneled by encapsulating it within an encapsulating packet 244. Theheader and payload of the packet 242 is placed in the payload of theencapsulating packet 244. The encapsulating packet 242 has a sourceaddress of the attachment point 206-1, IP_(AP), and a destinationaddress of the home agent 202, IP_(HA).

When the home agent 202 receives the encapsulating packet 244, the homeagent 202 extracts the original packet 242 from the payload of theencapsulating packet 244. The packet 242 is then routed to thedestination indicated by IP_(dest). For example only, this may be anaddress on the Internet 104.

Referring now to FIG. 7, a packet 252 is received by the home agent 202for the wireless terminal 106. The packet 252 has a source address ofthe sender of the packet 252, designated IP_(src). The destinationaddress of the packet 252 is the address assigned to the wirelessterminal 106, IP₁. The home agent 202 recognizes the destination addressof IP₁ and tunnels the packet 252 to the attachment point 206-1.

The packet 252 may be tunneled by encapsulating it within the payload ofan encapsulating packet 254. The source address of the encapsulatingpacket 254 is the address of the home agent 202, IP_(HA). Thedestination of the encapsulating packet 254 is the address of theattachment point 206-1, IP_(AP). The attachment point 206-1 extracts thepacket 252 from the payload of the encapsulating packet 254 and forwardsthe packet 252 to the wireless terminal 106.

SUMMARY

A networking system comprises a proxy mobility agent (PMA) module, and ahome agent (HA) module. The PMA module sends a first binding updatemessage including a unique identifier to a remote HA based on a triggersignal. The unique identifier identifies a mobile terminal associatedwith the remote PMA. The HA module receives a second binding updatemessage including the unique identifier from a remote PMA, andselectively sends the trigger signal to the PMA module based on thesecond binding update message.

In other features, the PMA module receives a first bindingacknowledgement including an assigned internet protocol (IP) addressfrom the remote HA and transmits the assigned IP address to the HAmodule. After the assigned IP address is received, the HA module sends asecond binding acknowledgement including the assigned IP address to theremote PMA. After the assigned IP address is received, the HA moduleestablishes a tunnel with the remote PMA. After the first bindingacknowledgement is received, the PMA module establishes a tunnel withthe remote HA.

In further features, either the PMA module or the HA module allocates anallocated IP address to the remote PMA. When the PMA module receives apacket with a destination address corresponding to the allocated IPaddress, the HA module forwards the packet to the remote PMA. Thenetworking system further comprises a memory storing a mapping fromallocated IP address to PMA address. Either the PMA module or the HAmodule allocates an allocated IP address to the mobile terminal.

In still other features, when the PMA module receives a packet with adestination address corresponding to the allocated IP address, the HAmodule forwards the packet to the remote PMA. The networking systemfurther comprises a memory storing a mapping from allocated IP addressto PMA address. The HA module receives an address of the remote HA fromthe remote PMA. Either the HA module or the PMA module determines anaddress of the remote HA. The address of the remote HA is determinedbased on the unique identifier.

In other features, the address of the remote HA is determined from anauthentication server. The address of the remote HA is determined from adomain name system (DNS) query based on a logical name. The logical nameis received from the remote PMA. The HA module sends the trigger signalto the PMA module when the second binding update message includes anaugmented identifier including the unique identifier. The augmentedidentifier includes an HA identifier. Either the HA module or the PMAmodule resolves the HA identifier to an address of the remote HA.

In further features, the HA module sends the trigger signal to the PMAmodule when the second binding update message includes a predeterminedindicator. The HA module determines an HA identifier for the mobileterminal and sends the trigger signal to the PMA module when the HAidentifier differs from an address of the HA module. The HA moduledetermines the HA identifier based on the unique identifier.

A method of controlling a networking system comprises receiving a firstbinding update from a remote proxy mobility agent (PMA) including aunique identifier, where the unique identifier identifies a mobileterminal associated with the remote PMA; selectively generating atrigger signal based on the first binding update; and transmitting asecond binding update including the unique identifier to a remote homeagent (HA) based on the trigger signal.

In other features, the method further comprises receiving a firstbinding acknowledgement including an assigned internet protocol (IP)address from the remote HA. The method further comprises sending asecond binding acknowledgement including the assigned IP address to theremote PMA. The method further comprises establishing a tunnel with theremote PMA after receiving the assigned IP address. The method furthercomprises establishing a tunnel with the remote HA after receiving thefirst binding acknowledgement. The method further comprises allocatingan allocated IP address to the remote PMA.

In further features, the method further comprises receiving a packetwith a destination address corresponding to the allocated IP address;and forwarding the packet to the remote PMA. The method furthercomprises storing a mapping from allocated IP address to PMA address.The method further comprises allocating an allocated IP address to themobile terminal. The method further comprises receiving a packet with adestination address corresponding to the allocated IP address; andforwarding the packet to the remote PMA.

In still other features, the method further comprises storing a mappingfrom allocated IP address to PMA address. The method further comprisesreceiving an address of the remote HA from the remote PMA. The methodfurther comprises determining an address of the remote HA. The methodfurther comprises determining the address of the remote HA based on theunique identifier. The method further comprises determining the addressof the remote HA from an authentication server.

In other features, the method further comprises determining the addressof the remote HA by performing a domain name system (DNS) query based ona logical name. The method further comprises receiving the logical namefrom the remote PMA. The method further comprises generating the triggersignal when the first binding update includes an augmented identifierincluding the unique identifier. The augmented identifier includes an HAidentifier. The method further comprises resolving the HA identifier toan address of the remote HA.

In further features, the method further comprises generating the triggersignal when the first binding update includes a predetermined indicator.The method further comprises determining an HA identifier for the mobileterminal; and generating the trigger signal when the HA identifierdiffers from an address of the HA module. The method further comprisesdetermining the HA identifier based on the unique identifier.

A computer program stored on a computer-readable medium for use by aprocessor for operating a networking system comprises receiving a firstbinding update from a remote proxy mobility agent (PMA) including aunique identifier, where the unique identifier identifies a mobileterminal associated with the remote PMA; selectively generating atrigger signal based on the first binding update; and transmitting asecond binding update including the unique identifier to a remote homeagent (HA) based on the trigger signal.

In other features, the computer program further comprises receiving afirst binding acknowledgement including an assigned internet protocol(IP) address from the remote HA. The computer program further comprisessending a second binding acknowledgement including the assigned IPaddress to the remote PMA. The computer program further comprisesestablishing a tunnel with the remote PMA after receiving the assignedIP address. The computer program further comprises establishing a tunnelwith the remote HA after receiving the first binding acknowledgement.The computer program further comprises allocating an allocated IPaddress to the remote PMA.

In further features, the computer program further comprises receiving apacket with a destination address corresponding to the allocated IPaddress; and forwarding the packet to the remote PMA. The computerprogram further comprises storing a mapping from allocated IP address toPMA address. The computer program further comprises allocating anallocated IP address to the mobile terminal. The computer programfurther comprises receiving a packet with a destination addresscorresponding to the allocated IP address; and forwarding the packet tothe remote PMA.

In still other features, the computer program further comprises storinga mapping from allocated IP address to PMA address. The computer programfurther comprises receiving an address of the remote HA from the remotePMA. The computer program further comprises determining an address ofthe remote HA. The computer program further comprises determining theaddress of the remote HA based on the unique identifier. The computerprogram further comprises determining the address of the remote HA froman authentication server.

In still other features, the computer program further comprisesdetermining the address of the remote HA by performing a domain namesystem (DNS) query based on a logical name. The computer program furthercomprises receiving the logical name from the remote PMA. The computerprogram further comprises generating the trigger signal when the firstbinding update includes an augmented identifier including the uniqueidentifier. The augmented identifier includes an HA identifier. Thecomputer program further comprises resolving the HA identifier to anaddress of the remote HA.

In other features, the computer program further comprises generating thetrigger signal when the first binding update includes a predeterminedindicator. The computer program further comprises determining an HAidentifier for the mobile terminal; and generating the trigger signalwhen the HA identifier differs from an address of the HA module. Thecomputer program further comprises determining the HA identifier basedon the unique identifier.

A networking system comprises proxy mobility agent (PMA) means forsending a first binding update message including a unique identifier toa remote home agent (HA) based on a trigger signal; and HA means forreceiving a second binding update message from a remote PMA includingthe unique identifier, and for selectively sending the trigger signal tothe PMA means based on the second binding update message. The uniqueidentifier identifies a mobile terminal associated with the remote PMA.

In other features, the PMA means receives a first bindingacknowledgement including an assigned internet protocol (IP) addressfrom the remote HA and transmits the assigned IP address to the HAmeans. After the assigned IP address is received, the HA means sends asecond binding acknowledgement including the assigned IP address to theremote PMA. After the assigned IP address is received, the HA meansestablishes a tunnel with the remote PMA. After the first bindingacknowledgement is received, the PMA means establishes a tunnel with theremote HA.

In further features, either the PMA means or the HA means allocates anallocated IP address to the remote PMA. When the PMA means receives apacket with a destination address corresponding to the allocated IPaddress, the HA means forwards the packet to the remote PMA. Thenetworking system further comprises memory means for storing a mappingfrom allocated IP address to PMA address. Either the PMA means or the HAmeans allocates an allocated IP address to the mobile terminal. When thePMA means receives a packet with a destination address corresponding tothe allocated IP address, the HA means forwards the packet to the remotePMA.

In still other features, the networking system further comprises memorymeans for storing a mapping from allocated IP address to PMA address.The HA means receives an address of the remote HA from the remote PMA.Either the HA means or the PMA means determines an address of the remoteHA. The address of the remote HA is determined based on the uniqueidentifier. The address of the remote HA is determined from anauthentication server.

In other features, the address of the remote HA is determined from adomain name system (DNS) query based on a logical name. The logical nameis received from the remote PMA. The HA means sends the trigger signalto the PMA means when the second binding update message includes anaugmented identifier including the unique identifier. The augmentedidentifier includes an HA identifier. Either the HA means or the PMAmeans resolves the HA identifier to an address of the remote HA.

The HA means sends the trigger signal to the PMA means when the secondbinding update message includes a predetermined indicator. The HA meansdetermines an HA identifier for the mobile terminal and sends thetrigger signal to the PMA means when the HA identifier differs from anaddress of the HA means. The HA means determines the HA identifier basedon the unique identifier.

In still other features, the systems and methods described above areimplemented by a computer program executed by one or more processors.The computer program can reside on a computer readable medium such asbut not limited to memory, non-volatile data storage, and/or othersuitable tangible storage mediums.

Further areas of applicability of the present disclosure will becomeapparent from the detailed description provided hereinafter. It shouldbe understood that the detailed description and specific examples areintended for purposes of illustration only and are not intended to limitthe scope of the disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure will become more fully understood from thedetailed description and the accompanying drawings, wherein:

FIG. 1 is a functional block diagram of a wireless communications systemaccording to the prior art;

FIG. 2 is a functional block diagram of a wireless communications systemoffering mobility according to the prior art;

FIG. 3 is a functional block diagram of a wireless communications systemthat provides proxy mobility to a wireless terminal according to theprior art;

FIG. 4 is a more detailed functional block diagram of an implementationof proxy mobility according to the prior art;

FIG. 5 is a timeline of steps performed when a wireless terminalconnects to a visited network according to the prior art;

FIGS. 6 and 7 are graphical depictions of a packet being sent by andsent to a wireless terminal, respectively according to the prior art;

FIG. 8 is a functional block diagram of an exemplary implementation of ahierarchical proxy mobility architecture according to the principles ofthe present disclosure;

FIG. 9 is a more detailed functional block diagram of an exemplaryimplementation of hierarchical proxy mobility for a single attachmentpoint;

FIG. 10 is an exemplary timeline of attachment of a wireless terminal;

FIGS. 11A-12A are exemplary graphical depictions of transmission of apacket from the wireless terminal;

FIGS. 11B-12B are exemplary graphical depictions of transmission of apacket to the wireless terminal;

FIGS. 13A-13B are functional block diagrams of exemplary implementationsof the intermediate anchoring point;

FIG. 14 is a flowchart depicting exemplary steps performed by anattachment point; and

FIGS. 15A-15B are flowcharts depicting exemplary steps performed by anintermediate anchoring point.

DETAILED DESCRIPTION

The following description is merely exemplary in nature and is in no wayintended to limit the disclosure, its application, or uses. For purposesof clarity, the same reference numbers will be used in the drawings toidentify similar elements. As used herein, the phrase at least one of A,B, and C should be construed to mean a logical (A or B or C), using anon-exclusive logical or. It should be understood that steps within amethod may be executed in different order without altering theprinciples of the present disclosure.

As used herein, the term module refers to an Application SpecificIntegrated Circuit (ASIC), an electronic circuit, a processor (shared,dedicated, or group) and memory that execute one or more software orfirmware programs, and/or a combinational logic circuit.

Referring now to FIG. 8, a functional block diagram depicts an exemplaryimplementation of a hierarchical proxy mobility architecture accordingto the principles of the present disclosure. A home network 302 includesa home anchoring point 306 and anauthentication/authorization/accounting (AAA) server 310. A terminal314, which may include a mobile device such as a mobile phone, connectsto a visited network 318.

The visited network 318 includes one or more attachment points 320. Forexample only, five attachment points 320-1, 320-2, 320-3, 320-4, and320-5 are shown. The attachment points 320 may include any suitablewireless or wired interface. For example only, the attachment point320-1 may include a 3^(rd) Generation Partnership Project (3GPP)interface. The attachment point 320-1 may use the Universal MobileTelecommunications System (UMTS) and/or a Long Term Evolution (LTE)Radio Access Network (RAN).

For example only, the attachment point 320-2 may include a Worldwideinteroperability for Microwave Access (WiMAX) interface. For exampleonly, the attachment point 320-3 may include a wired interface, such asa cable modem or a Digital Subscriber Line (DSL). For example only, theattachment point 320-4 may include a 3^(rd) Generation PartnershipProject 2 (3GPP2) interface, which may use Code Division Multiple Access2000 (CDMA2000). For example only, the attachment point 320-5 mayinclude a Wireless Local Area Network (WLAN) interface.

The attachment points 320 may communicate with other networks, such asthe home network 302, via an intermediate anchoring point 330. Theintermediate anchoring point 330 may also include switching and routingfunctionality to allow the attachment points 320 to communicate betweeneach other. The visited network 318 may include an AAA proxy 340, whichconnects to the AAA server 310 of the home network 302.

For example only, the terminal 314 is shown connected to the attachmentpoint 320-1. When the terminal 314 initiates the connection with theattachment point 320-1, the attachment point 320-1 determines whetherthe terminal 314 is authorized by querying the AAA proxy 340. The AAAproxy 340 may identify the AAA server 310 based on identificationinformation from the terminal 314, and request authorization informationfrom the AAA server 310.

The AAA proxy 340 may cache this data, such as for a specified period oftime or for as long as the terminal 314 is connected to one of theattachment points 320 of the visited network 318. In addition, the AAAserver 310 may provide an expiration time for this authorizationinformation. The authorization information may include whether theterminal 314 is authorized to connect to the visited network 318, whatservices the terminal 314 should be offered, and what quality of servicethe terminal 314 should be guaranteed.

In various implementations, the AAA proxy 340 may provide the address ofthe AAA server 310 to the attachment point 320-1, which then queries theAAA server 310 directly. Access and authorization may be provided by anysuitable method, including a Home Subscriber System (HSS).

Assuming that the terminal 314 is authorized to attach, a first tunnelis created between the attachment point 320-1 and the intermediateanchoring point 330. A second tunnel is created between the intermediateanchoring point 330 and the home anchoring point 306. If the terminal314 switches from the attachment point 320-1 to another of theattachment points 320, or to another 3GPP attachment point (not shown),only the first tunnel will be modified.

The second tunnel, from the intermediate anchoring point 330 to the homeanchoring point 306, can remain unchanged. This may present asignificant time savings when the visiting network 318 and the homenetwork 302 are physically separated by a great distance. For example,creating a new intercontinental tunnel may incur a delay on the order ofseconds.

As an overview, FIG. 9 depicts a more detailed functional block diagramof an exemplary implementation of hierarchical proxy mobility for asingle attachment point. FIG. 10 depicts an exemplary timeline ofattachment of a wireless terminal. FIGS. 11A and 12A depict exemplaryways of transmitting a packet from the wireless terminal, while FIGS.11B and 12B depict exemplary ways of transmitting a packet to thewireless terminal. FIGS. 13A and 13B depict exemplary implementations ofthe intermediate anchoring point 330. FIG. 14 depicts exemplary stepsperformed by the attachment point 320-1, and FIGS. 15A and 15B depictexemplary steps performed by the intermediate anchoring point 330.

Referring now to FIG. 9, the terminal 314 connects to a proxy mobilityagent (PMA) 402 of the attachment point 320-1. In variousimplementations, the PMA 402 may be a part of a user plane entity (UPE),an access service network (ASN) gateway (GW), and/or an electronicpacket data gateway (ePDG). The PMA 402 receives identificationinformation from the terminal 314.

This identification information may include, for example, a NetworkAddress Identifier (NAI) and/or an International Mobile SubscriberIdentity (IMSI). The identification information is sent to the AAA proxy340. Based on the identification information, the AAA proxy identifiesthe appropriate AAA server. In this case, the AAA server 310 isselected. The AAA proxy 340 sends the identification information to theAAA server 310, which returns authentication information to the PMA 402.

Assuming that the terminal 314 is authorized for access, the PMA 402sends a binding update to a home agent (HA) 406 of the intermediateanchoring point 330. The PMA 402 also transmits information indicatingthat the HA 406 is not the ultimate home agent of the terminal 314. Forexample, the binding update may include information designating theultimate home agent of the terminal 314, which is not the HA 406. ThePMA 402 may be pre-programmed with the location of the HA 406.

In various implementations, the terminal 314 and/or the AAA server 310may provide information identifying the ultimate home agent. The PMA 402and/or the HA 406 may also resolve the ultimate home agentidentification into an address, such as an IP address. In variousimplementations, the address of the ultimate home agent may be resolvedfrom a logical name using a Domain Name System (DNS) query.

The HA 406 allocates an IP address for the terminal 314, which may beperformed in the same manner as when the HA 406 is the ultimate homeagent. However, because the HA 406 is not the ultimate home agent, theHA 406 triggers a second PMA 410 of the intermediate anchoring point 330to contact the ultimate home agent, a second HA 414. The second PMA 410sends a binding update to the second HA 414. The second HA 414 allocatesan IP address, IP₂, to the terminal 314. The address IP₂ from the secondHA 414 is assigned to the terminal 314. Tunnels are then establishedbetween the second HA 414 and the second PMA 410, and between the HA 406and the PMA 402.

Referring now to FIG. 10, an exemplary timeline of a terminal attachmentto a visited network is shown. For ease of explanation, the first PMA402 will be referred to herein as PMA1, the second PMA 410 as PMA2, thefirst HA 406 as HA1, and the second HA 414 as HA2. The terminal 314begins access authentication with PMA1. Assuming that authentication issuccessful, the terminal 314 attempts to attach to PMA1.

PMA1 determines the ultimate home anchoring point of the terminal 314.In various implementations, this may occur during authentication.Additionally, PMA1 may perform a DNS lookup to determine an IP addressfrom ultimate home agent identification information. In various otherimplementations, HA1 and/or PMA2 may instead perform this function.

PMA1 sends a binding update to HA1, which includes an identifier of theterminal 314 and an identifier of the ultimate home agent. These may bereferred to as the network address identifier (NAI) and the home agentidentifier (HID), respectively. HA1 allocates address IP₁ to theterminal 314. Because HA1 has received the HID, HA1 instructs PMA2 tobind to the ultimate home agent. PMA2 locates the ultimate home agentbased on the HID.

In various implementations, the binding update from PMA1 to HA1 may omitthe HID. Therefore, HA1 may automatically determine what the ultimatehome agent of the terminal 314 is. HA1 may use the NAI of the terminal314, or a portion of the NAI, to look up the ultimate home agent, suchas with an AAA query. The HA1 will then know whether it is the ultimatehome agent of the terminal 314. Alternatively, the binding update mayinclude an indication that HA1 is not the ultimate home agent. This mayprompt HA1 to determine the ultimate home agent of the terminal 314.

When HA1 determines that it is not the ultimate home agent, it triggersPMA2 to bind to the ultimate home agent. HA1 may provide the address ofthe ultimate home agent, or PMA2 may determine this information. Forexample, PMA2 may contact an AAA server and/or a DNS server using theHID.

PMA2 sends a binding update, which includes the NAI, to HA2. HA2allocates an address, IP₂, to the terminal 314. HA2 may store IP₂ in amapping of NAIs and allocated IP addresses. HA2 sends a bindingacknowledgement, including IP₂, to PMA2. PMA2 and HA2 then set up atunnel between each other. PMA2 forwards the allocated address IP₂ toHA1. HA1 then sends a binding acknowledgment including IP₂ to PMA1. PMA1and HA1 set up a tunnel between each other. PMA1 then assigns theaddress IP₂ to the terminal 314. In various implementations, theattachment request and the address assignment may be performed using aDHCP request and offer, respectively.

Referring now to FIG. 11A, a packet 502 is shown being transmitted bythe terminal 314. The packet 502 includes a source address of IP₂, whichhas been assigned to the terminal 314. The destination address, which isroutable from HA2, is denoted IP_(dest). The packet 502 may include apayload. The packet 502 is sent to PMA1. PMA1 encapsulates the packet502 into a payload of a first encapsulating packet 504.

The first encapsulating packet 504 has a source address of PMA1,IP_(PMA1), and a destination address of the intermediate anchoring point330, IP_(IAP). HA1 extracts the packet 502 from the first encapsulatingpacket 504. Based on the source address of the packet 502, PMA2recognizes that the packet 502 should be passed to HA2.

PMA2 encapsulates the packet 502 into a second encapsulating packet 506.The second encapsulating packet 506 has a source address of IP_(IAP) anda destination address of HA2, IP_(HA2). HA2 extracts the packet 502 fromthe second encapsulating packet 506, and forwards the packet 502 to thenoted destination address, IP_(dest). For example, IP_(dest) may bewithin the Internet 104, within the home network, or within a visitednetwork.

Referring now to FIG. 11B, a packet 552 being transmitted to theterminal 314 is shown. The packet 552 has a destination address of IP₂,which has been assigned to the terminal 314. The packet 552 has a sourceaddress designated IP_(src), and may include a payload. When HA2receives packets with a destination address of IP₂, they are tunneled tothe terminal 314.

The packet 552 is therefore encapsulated in a payload of a firstencapsulating packet 554. The first encapsulating packet 554 has asource address of IP_(HA2) and a destination address of IP_(IAP). PMA2extracts the packet 552 from the first encapsulating packet 554. BecauseIP₂, the destination address of the packet 552, is associated with PMA1,PMA2 forwards the packet 552 to HA1 for tunneling to PMA1.

HA1 encapsulates the packet 552 into a payload of a second encapsulatingpacket 556. The second encapsulating packet 556 has a source address ofIP_(IAP) and a destination address of IP_(PMA1). PMA1 receives thesecond encapsulating packet 556 and extracts the packet 552. The packet552 is then forwarded to the destination address, IP₂, which has beenassigned to the terminal 314.

Referring now to FIG. 12A, an exemplary timeline depicts forwarding ofthe packet 502, where the intermediate anchoring point 330 reveals anindividualized IP address to HA2. A different second encapsulatingpacket 510 takes the place of the second encapsulating packet 506 ofFIG. 11A. The source address of the second encapsulating packet 510 isIP₁, which was allocated by HA1. By specifying IP₁ as the sourceaddress, HA2 will reply to IP₁.

For example, the intermediate anchoring point 330 may allocate IPaddresses per terminal and/or per PMA. Then when the intermediateanchoring point 330 receives a packet from HA2, the destination addressof the packet may indicate to which PMA or terminal that packet shouldbe forwarded. This will be shown in more detail in FIG. 12B.

Referring now to FIG. 12B, an exemplary timeline depicts the packet 552being transmitted to the terminal 314, where the intermediate anchoringpoint 330 has revealed an address of IP₁ to HA2. HA2 encapsulates thepacket 552 into a payload of a first encapsulating packet 560. The firstencapsulating packet 560 has a source address of IP_(HA2) and adestination address of IP₁, which was received from PMA2.

When PMA2 receives the first encapsulating packet 560, PMA2 parses theheader of the first encapsulating packet 560 to find the destinationaddress, which is IP₁ in this example. PMA1 can then reference a lookuptable using IP₁. IP₁ may correspond to a specific PMA or to a specificterminal. If IP₁ corresponds to a specific terminal, a mapping ofterminals to PMA can be used to determine the correct PMA. If IP₁corresponds to a specific PMA, the first encapsulating packet 560 can besent to that PMA.

PMA2 or HA1 can then modify the header of the first encapsulating packet560 to produce a second encapsulating packet 562. The destinationaddress of the second encapsulating packet 562 is the PMA indicated byIP₁. HA1 then tunnels the second encapsulating packet 562 to the PMA1402. The second encapsulating packet therefore has a source address ofIP_(IAP) and a destination address of IP_(PMA1). By using IP₁ toidentify incoming packets, PMA2 may not need to extract the packet 552in order to forward the first encapsulating packet 560.

Referring now to FIG. 13A, a functional block diagram of an exemplaryimplementation of the intermediate anchoring point 330 is presented. Theintermediate anchoring point 330 includes a network processor 602, whichcommunicates with an internal network interface 606 and an externalnetwork interface 610. The internal network interface 606 communicateswith other elements within the network housing the intermediateanchoring point 330, which is referred to as the visited network.

The external network interface 610 communicates with other networks andwith the network designated as the home network. The network processor602 may communicate with a firewall module 614 and with a NetworkAddress Translation (NAT) module. The network processor 602 may makerouting decisions using a routing table 622.

A tunneling module 626 may establish tunnels within the visited networkand with external networks, such as the home network. In addition, thetunneling module 626 may perform encapsulation and decapsulation ofpackets. The routing table 622 may be updated by a home agent (HA)module 630 and a proxy mobility agent (PMA) module 634.

For example, the HA module 630 may receive binding updates, allocate IPaddresses, trigger hierarchical proxy mobility, set up tunnels, andtransmit binding acknowledgments. The PMA module 634 may transmitbinding updates, receive binding acknowledgements, set up tunnels, andforward IP addresses.

The HA module 630 and the PMA module 634 may communicate with each otherto relay information for hierarchical proxy mobility. For example, theinformation transferred between the HA module 630 and the PMA module 634may include binding update triggers command from the HA module 630 tothe PMA module 634 and forwarding of the IP₂ address from the PMA module634 to the HA module 630.

Referring now to FIG. 13B, a functional block diagram of anotherexemplary implementation of an intermediate anchoring point 702 ispresented. The intermediate anchoring point 702 includes the networkprocessor 602, which may communicate with the firewall module 614 andthe NAT module 618. The network processor 602 interfaces with theinternal and external network interfaces 606 and 610.

The internal network interface 606 communicates with a switch fabric706. In various implementations, the switch fabric 706 may beincorporated into the network processor 602 and additional internalnetwork interfaces (not shown) may be added to the intermediateanchoring point 702. A PMA module 710 includes a network interface 712,which interfaces with the switch fabric 706. An HA module 720 includes anetwork interface 722, which also interfaces with the switch fabric 706.

The PMA module 710 and the HA module 720 may communicate with eachother. This communication may be accomplished, for example, through adirect bus, a direct network connection, or via the switch fabric 706.The PMA module 710 and the HA module 720 can update a routing table 730and a tunneling module 740 in the intermediate anchoring point 702.

While graphically depicted as separate connections, the PMA module 710and the HA module 720 may communicate with the routing table 730 and thetunneling module 740 via the switch fabric 706 and the network processor602. In various implementations, the PMA module 710 and the HA module720 may be incorporated into the intermediate anchoring point 702. Forexample, FIG. 13A depicts a case where both the PMA module 710 and theHA module 720 are incorporated into the intermediate anchoring point702.

Referring now to FIG. 14, a flowchart depicts exemplary steps performedby the first PMA 402. Control begins in step 802, where controldetermines where an access request has been received. If so, controltransfers to step 804; otherwise, control transfers to step 806. In step804, control contacts an AAA server to determine whether the terminal isauthorized to attach. Control continues in step 808.

In step 808, if the AAA process determines that the terminal isauthorized to attach, control continues in step 810; otherwise, controltransfers to step 806. In step 810, control sends a binding update withthe network address identifier of the terminal to the intermediateanchoring point. Control then continues in step 806.

In step 806, control determines whether a binding acknowledgement hasbeen received. If so, control transfers to step 812; otherwise, controlstransfers to step 814. In step 812, control sets up a tunnel to the homeagent from which the binding acknowledgement was received. The homeagent may be located in the intermediate anchoring point, and may sharean IP address with the intermediate anchoring point. Control thencontinues in step 816, where the address received in the bindingacknowledgement is assigned to the terminal. Control then continues instep 814.

In step 814, control determines whether a packet has been received froma terminal. If so, control transfers to step 818; otherwise, controltransfers to step 820. In step 818, control encapsulates the packet andsends the encapsulated packet to the home agent. Control then continuesto step 820. In step 820, control determines whether a packet has beenreceived from the intermediate anchoring point. If so, control transfersto step 822; otherwise, control returns to step 802. In step 822,control decapsulates the packet and sends the packet to the destinationaddress. The destination address will likely be that of the terminal.Control then returns to step 802.

Referring now to FIG. 15, a flowchart depicts exemplary steps performedby the intermediate anchoring point 330. Control begins in step 902,where control determines where a binding update has been received. Ifso, control transfers to step 904; otherwise, control transfers to step906. In step 904, control allocates an IP address, IP₁, to the terminalthat triggered the binding update.

Control then continues in step 908, where control determines whether thebinding update includes an augmented network address identifier (NAI).If so, control transfers to step 910; if not, control transfers to step912. An augmented NAI indicates that the ultimate home agent is not inthe intermediate anchoring point 330. Therefore, in step 910, controldetermines the address of the ultimate home agent.

For example only, control may provide the NAI to an AAA server todetermine the ultimate home agent address. In various implementations,control may perform this action even when the received NAI is notaugmented. The intermediate anchoring point 330 may serve as a homeagent in addition to providing hierarchical proxy mobility between aproxy mobility agent and another home agent. When binding updates arereceived for the intermediate anchoring point 330 acting as a homeagent, the ultimate home agent address should resolve to the address ofthe intermediate anchoring point 330.

The augmented NAI may include a home agent identifier (HID), which mayinclude a logical name or network address for the ultimate home agent.Control may resolve a logical name into a network address, such as byusing a DNS query. The HID may already include the network address whenthe PMA sending the binding update has already performed thisresolution.

Control continues in step 914, where a binding update is sent to theultimate home agent, which may have been identified by an HID. Thebinding update may be sent with a source address of the address of theintermediate anchoring point 330, such as shown in FIG. 11A.Alternatively, the binding update may be sent with a source address ofthe allocated address, IP₁, such as is shown in FIG. 12A. Control thencontinues in step 906.

In step 912, the intermediate anchoring point 330 is the ultimate homeagent, and so a binding acknowledgement is returned to the first PMA402, PMA1, including the allocated address, IP₁. Control continues instep 906. In step 906, control determines whether a bindingacknowledgement has been received. If so, control transfers to step 916;otherwise, control transfers to step 918.

In step 916, control stores the received IP address as IP₂. Control maycreate a table entry matching IP₂ with the PMA that originated thebinding process, which is PMA1 in the example of FIG. 10. Controlcontinues in step 920, where control sets up a tunnel between PMA2 andthe sender of the binding acknowledgement, HA2. Control continues instep 922, where control sends a binding acknowledgment including IP₂ toPMA1. Controls continue in step 918.

In step 918, control determines whether an encapsulated packet has beenreceived. If so, control transfers to step 924. Otherwise, controlreturns to step 902. In step 924, the packet is decapsulated. Controlcontinues in step 926, where control determines if the destination ofthe packet is a terminal connected within the visited network. If so,control transfers to step 928; otherwise, control transfers to step 930.In step 926, control may check if the packet destination is any of theIP addresses, such as IP₂, assigned to terminals connected to theintermediate anchoring point 330.

In step 928, control encapsulates the packet and sends it to theappropriate PMA, which is PMA1 in the example of FIG. 10. Control thenreturns to step 902. In step 930, control encapsulates the packet andsends the packet to the appropriate home agent, which is HA2 in thisexample. Control then returns to step 902.

Referring now to FIG. 15B, a flowchart depicts exemplary steps performedby the intermediate anchoring point 330 where the intermediate anchoringpoint 330 presents an IP address for each Connected terminal or PMA. Instep 902, if control has received a binding update, control transfers tostep 940; otherwise, control transfers to step 906.

In step 940, control allocates address IP₁ to the terminal thattriggered the binding update. In various implementations, controlallocates an IP address for each terminal connected to the intermediateanchoring point 330. In various other implementations, control allocatesan IP address for each PMA. Addresses assigned to each PMA may bepredetermined when each PMA is added to the visited network. Controlthen continues in step 908.

After step 910, control continues in step 942. In step 942, the bindingupdate is sent to the ultimate home agent, which may have been specifiedby the HID. The source address for the binding update is IP₁, whichcorresponds to the terminal or to the PMA to which the terminal isattached. Control then continues in step 906.

If a binding acknowledgement is not received in step 906, controltransfers to step 944. In step 944, control determines whether anencapsulated packet has been received from an internal PMA, such asPMA1. If so, control transfers to step 946; otherwise, control transfersto step 948. In step 946, control decapsulates the packet.

Control then continues in step 950, where control analyzes the sourceaddress of the decapsulated packet. In the present example, thedecapsulated packet will have a source address of IP₂. This indicates towhich home agent the packet should be tunneled. In addition, the sourceaddress IP₂ indicates which address should be used as the source whentunneling the packet to the home agent. In this example, the sourceaddress would be IP₁.

The source address could be determined without decapsulating the packetif IP₁ was allocated per PMA because the source address of the tunneledpacket indicates the PMA's address, which corresponds to IP₁. However,the packet is already decapsulated to determine to which home agent thepacket will be tunneled, which is based on the terminal's IP address,not the PMA's address.

Control then continues in step 952, where control encapsulates thepacket and sends the packet to the ultimate home agent, HA2, and makesIP₁ the source address. Control then returns to step 902. In step 948,control determines whether an encapsulated packet has been received froman external home agent, such as HA2. If so, control transfers to step954; otherwise, control returns to step 902. In step 954, control routesthe packet to the appropriate PMA based on the destination address ofthe received encapsulated packet. The destination address is IP₁, whichcorresponds to a specific terminal or PMA. Control retains a mapping ofIP₁ to PMA, so control can determine which internal PMA the encapsulatedpacket should be sent to without decapsulating the packet. Control thenreturns to step 902.

Those skilled in the art can now appreciate from the foregoingdescription that the broad teachings of the disclosure can beimplemented in a variety of forms. Therefore, while this disclosureincludes particular examples, the true scope of the disclosure shouldnot be so limited since other modifications will become apparent to theskilled practitioner upon a study of the drawings, the specification,and the following claims.

What is claimed is:
 1. A networking system comprising: a proxy mobilityagent (PMA) module configured to send a first binding update messageincluding a unique identifier to a remote home agent (HA) in response toa trigger signal, wherein the remote HA is located remotely from thenetworking system; and an HA module configured to (i) receive a secondbinding update message from a remote PMA, the second binding updatemessage including the unique identifier, and (ii) selectively send thetrigger signal to the PMA module in response to the second bindingupdate message, wherein the unique identifier identifies a mobileterminal associated with the remote PMA, wherein the remote PMA islocated remotely from the networking system, wherein the PMA module isfurther configured to (i) receive a first binding acknowledgement fromthe remote HA, the first binding acknowledgement including an internetprotocol (IP) address assigned to the mobile terminal by the remote HA,and (ii) forward the assigned IP address to the HA module, and whereinthe HA module is further configured to (i) receive the assigned IPaddress from the PMA module and (ii) transmit a second bindingacknowledgement to the remote PMA, the second binding acknowledgementincluding the assigned IP address.
 2. The networking system of claim 1,wherein the HA module is configured to, in response to the assigned IPaddress being received by the remote PMA, establish a tunnel with theremote PMA.
 3. The networking system of claim 1, wherein the PMA moduleis configured to, in response to receiving the first bindingacknowledgement, establish a tunnel with the remote HA.
 4. Thenetworking system of claim 1, wherein one of the PMA module and the HAmodule is configured to allocate an allocated IP address to the remotePMA.
 5. The networking system of claim 4, wherein the HA module isconfigured to, in response to the PMA module receiving a packet with adestination address corresponding to the allocated IP address, forwardthe packet to the remote PMA.
 6. The networking system of claim 4,further comprising a memory configured to store a mapping from allocatedIP address to PMA address.
 7. The networking system of claim 1, whereinone of the PMA module and the HA module is configured to allocate anallocated IP address to the mobile terminal.
 8. The networking system ofclaim 7, wherein the HA module is configured to, in response to the PMAmodule receiving a packet with a destination address corresponding tothe allocated IP address, forward the packet to the remote PMA.
 9. Thenetworking system of claim 7, further comprising a memory configured tostore a mapping from allocated IP address to PMA address.
 10. Thenetworking system of claim 1, wherein the HA module is configured toreceive an address of the remote HA from the remote PMA.
 11. Thenetworking system of claim 1, wherein one of the HA module and the PMAmodule is configured to determine an address of the remote HA.
 12. Thenetworking system of claim 11, wherein the address of the remote HA isdetermined in response to the unique identifier.
 13. The networkingsystem of claim 12, wherein the address of the remote HA is determinedfrom an authentication server.
 14. The networking system of claim 11,wherein the address of the remote HA is determined from a domain namesystem (DNS) query in response to a logical name.
 15. The networkingsystem of claim 14, wherein the logical name is received from the remotePMA.
 16. The networking system of claim 1, wherein the HA module isconfigured to send the trigger signal to the PMA module in response tothe second binding update message including an augmented identifier thatincludes the unique identifier.
 17. The networking system of claim 16,wherein the augmented identifier includes an HA identifier.
 18. Thenetworking system of claim 17, wherein one of the HA module and the PMAmodule is configured to resolve the HA identifier to an address of theremote HA.
 19. The networking system of claim 1, wherein the HA moduleis configured to send the trigger signal to the PMA module in responseto the second binding update message including a predeterminedindicator.
 20. The networking system of claim 1, wherein the HA moduleis configured to (i) determine an HA identifier for the mobile terminaland (ii) in response to the HA identifier differing from an address ofthe HA module, send the trigger signal to the PMA module.
 21. Thenetworking system of claim 20, wherein the HA module is configured todetermine the HA identifier in response to the unique identifier.
 22. Amethod of controlling a networking system, the method comprising:receiving a first binding update, at a first home agent (HA), from aremote proxy mobility agent (PMA), wherein the first binding updateincludes a unique identifier that identifies a mobile terminalassociated with the remote PMA, and wherein the remote PMA is locatedremotely from the networking system; selectively generating a triggersignal, at the first HA, in response to receiving the first bindingupdate; transmitting the trigger signal from the first HA to a firstPMA; transmitting a second binding update from the first PMA to a remoteHA in response to the trigger signal, wherein the second binding updateincludes the unique identifier, and wherein the remote HA is locatedremotely from the networking system; at the first PMA, receiving a firstbinding acknowledgement from the remote HA, the first bindingacknowledgement including an internet protocol (IP) address assigned tothe mobile terminal by the remote HA; forwarding the assigned IP addressfrom the first PMA to the first HA; receiving the assigned IP address atthe first HA; and transmitting a second binding acknowledgement from thefirst HA to the remote PMA, the second binding acknowledgement includingthe assigned IP address.
 23. The method of claim 22, further comprisingestablishing a tunnel between the first HA and the remote PMA inresponse to the assigned IP address being received by the remote PMA.24. The method of claim 22, further comprising establishing a tunnelbetween the first PMA and the remote HA in response to receiving thefirst binding acknowledgement.
 25. The method of claim 22, furthercomprising allocating an allocated IP address to the remote PMA.
 26. Themethod of claim 25, further comprising: receiving a packet with adestination address corresponding to the allocated IP address; andforwarding the packet to the remote PMA.
 27. The method of claim 25,further comprising storing a mapping from allocated IP address to PMAaddress.
 28. The method of claim 22, further comprising allocating anallocated IP address to the mobile terminal.
 29. The method of claim 28,further comprising: receiving a packet with a destination addresscorresponding to the allocated IP address; and forwarding the packet tothe remote PMA.
 30. The method of claim 28, further comprising storing amapping from allocated IP address to PMA address.
 31. The method ofclaim 22, further comprising receiving an address of the remote HA fromthe remote PMA.
 32. The method of claim 22, further comprisingdetermining an address of the remote HA.
 33. The method of claim 32,further comprising determining the address of the remote HA in responseto the unique identifier.
 34. The method of claim 33, further comprisingdetermining the address of the remote HA from an authentication server.35. The method of claim 32, further comprising determining the addressof the remote HA by performing a domain name system (DNS) query on alogical name.
 36. The method of claim 35, further comprising receivingthe logical name from the remote PMA.
 37. The method of claim 22,further comprising generating the trigger signal in response to thefirst binding update including an augmented identifier including theunique identifier.
 38. The method of claim 37, wherein the augmentedidentifier includes an HA identifier.
 39. The method of claim 38,further comprising resolving the HA identifier to an address of theremote HA.
 40. The method of claim 22, further comprising generating thetrigger signal in response to the first binding update including apredetermined indicator.
 41. The method of claim 22, further comprising:determining an HA identifier for the mobile terminal; and generating thetrigger signal in response to the HA identifier differing from anaddress of the remote HA.
 42. The method of claim 41, further comprisingdetermining the HA identifier in response to the unique identifier.